const express = require('express');
const router = express.Router();
const productController = require('../controllers/productController');
const { authenticate, authorize } = require('../middleware/auth');
const upload = require('../middleware/upload');

// 公共路由 - 不需要认证
router.get('/', productController.getAllProducts);
router.get('/featured', productController.getFeaturedProducts);
router.get('/:id', productController.getProductById);

// 商家路由 - 需要认证和商家权限
router.post(
  '/',
  authenticate,
  authorize(['merchant']),
  upload.array('images', 5),
  productController.createProduct
);

router.put(
  '/:id',
  authenticate,
  authorize(['merchant']),
  upload.array('images', 5),
  productController.updateProduct
);

router.delete(
  '/:id',
  authenticate,
  authorize(['merchant']),
  productController.deleteProduct
);

module.exports = router;